Recently I was asked to compile a list of all CiviCRM releases since 3.1.0, identifying which were security releases so that we could make sure clients' sites were secure. The organization I work for (Freeform Solutions) is focused on doing sites for other non-profit organizations, many of whom are still running older versions of CiviCRM due to budgetary or other constraints, so we wanted to be sure that no one was running a version known to contain security vulnerabilities.
IMPORTANT: You do NOT need to upgrade CiviCRM to remove this vulnerability. See "Prevent Attacks: Delete the Vulnerable File" below.
Update: Due to an unfortunate error multilingual sites cannot be upgraded to CiviCRM 3.2.2; if you’re running such site please wait for CiviCRM 3.2.3. Single-language sites (regardless of the language they use) should upgrade to CiviCRM 3.2.2 cleanly, and new CiviCRM 3.2.2 installations (both single- and multilingual) should work without a problem.